<!DOCTYPE html>
<html>
  <head>
    <title>Async PUT request denied at preflight</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src="/common/get-host-info.sub.js"></script>
    <script src="/common/utils.js"></script>
  </head>
  <body>
    <script type="text/javascript">
const uuid = token();
const url = get_host_info().HTTP_REMOTE_ORIGIN +
      "/xhr/resources/access-control-preflight-denied.py?token=" + uuid;

async_test((test) => {
  let xhr = new XMLHttpRequest;
  xhr.open("GET", url + "&command=reset", false);
  xhr.send();

  xhr = new XMLHttpRequest;
  xhr.open("PUT", url, true);

  xhr.onload = test.unreached_func("Cross-domain access allowed unexpectedly.");

  xhr.onerror = test.step_func_done(() => {
    xhr = new XMLHttpRequest;
    xhr.open("GET", url + "&command=complete", false);
    xhr.send();
    assert_equals(xhr.responseText, "Request successfully blocked.");
  });

  xhr.send();
});
    </script>
  </body>
</html>
